Skip to content
Commit a6416012 authored by Chuck Lever's avatar Chuck Lever Committed by Greg Kroah-Hartman
Browse files

NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL 

[ Upstream commit 804d8e0a

 ]

OPDESC() simply indexes into nfsd4_ops[] by the op's operation
number, without range checking that value. It assumes callers are
careful to avoid calling it with an out-of-bounds opnum value.

nfsd4_decode_compound() is not so careful, and can invoke OPDESC()
with opnum set to OP_ILLEGAL, which is 10044 -- well beyond the end
of nfsd4_ops[].

Reported-by: default avatarJeff Layton <jlayton@kernel.org>
Fixes: f4f9ef4a

 ("nfsd4: opdesc will be useful outside nfs4proc.c")
Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
parent b9ba5906
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment